Link to home
Start Free TrialLog in
Avatar of Senyonjo
Senyonjo

asked on

Random Posword not Updating in Database

Hi there,

The scripts below, remember_me.php and function.inc.php are supposed to generate a random password and update corresponding field in the database.

Once prompted, they generate the random password and sends them to the user's email.  But the generated password is not updated in the database and so the user cannot login.

Can someone help me where I'm going wrong.

remember_me.php Script
===================
<?php
//brians code start here
include "functions.inc.php";
include "error_messages.inc.php";
//action=add means usr pressd the submit button
if ($action =="email")
{
 $error_found=false;
 $error="";
 //start validating the user input
 if($email=="")
 {
  $error_found=true;
  $error.=ERR_EMAIL_BLANK;
 }

if(!$error_found)
{
      {
            //{
            $host="mysql.xcalibre.co.uk";
            $uname="xxxxxx";
            $pass="xxx";
            $database="xxxxx";
            $tablename="g_workers";

            $connect= mysql_connect($host,$uname,$pass) or die("Could not connect you to Bizafrican Database! <br>");

            $selectdb=mysql_select_db($database) or die("Could not select the Bizafrican Database for you");

            $mingle   = "decode(password, '".$password."')";  
            $sqlquery = ("select email,username, " .$mingle. " as password from g_workers where email ='".$email ."' ");
            $queryresult = mysql_query($sqlquery,$connect)or die("could not execute the query.");
            if ($row = mysql_fetch_array($queryresult))
            {
            $email =  $row["email"];
            $from     = "dba@guardwise.com";
            $subject  =  "Guardwise.com - Important message for you";
            $message  =  "Your username is:  ". $row["username"]."\n".
                               "Your password is:  ". new_password($row["username"])."\n";//edited here              
            $message   .=  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.\n
 DBA/Support";
             
            mail($email,$subject,$message,"From: sssssssss.com <dba@ssssssssss.com>");
            Header("Location: http://www.sssssss.com/remember_done.htm");
            exit;
            }
            else
            {

              $error_found=true;
              $error.=ERR_EMAIL_NONE;
            }
      }
}
}
?>
==========================
Functions Script
==========
<?
//this function generate the select box for the selected external file
function makeCombo($optname,$optfile,$optsel,$optex,$optremove='-1000'){ //returns string containing select tag
if(!is_array($optremove)) $optremove=explode(",",$optremove);
$combo="<select name='$optname' $optex>";
include $optfile;

foreach($manutmp as $key => $value){

      $tosel="";
      if($optsel==$key){
      $tosel="selected";
      }
            
      if(in_array($key,$optremove) == false)$combo.="<option value='$key' $tosel>$value\n";
      
      }
$combo.="</select>";
return $combo;
}

//this will return the select value from the select box
function getComboValue($optfile,$optkey){
include $optfile;
return $manutmp[$optkey];
}

//encrypt the password
function encrypt_password($input)
{
 return md5($input);
}

//generate the random password
function new_password ($userid,$length=10) {
      // if you want extended ascii, then add the characters to the array
      $characters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');
      $random_str = "";
      for ($i = 0; $i <= $length; $i++) {
            srand((double)microtime()*1000000);
            $random_chr = round(rand(0, count($characters)-1));
            $random_str .= $characters[$random_chr];
      }
      
      //update the password for the user into  databae
      //update table pasword = encrypt_password($random_str)
       $db_name = "afrika";
$table_name = "biznames";
$connection = @mysql_connect("mysql.xcalibre.co.uk", "bbbbbb", "bbbbb") or die("Couldn't connect.");
        $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
       $sql = "UPDATE $table_name  
              SET  
              password = '". md5($random_str) ."'
              WHERE email = '". $email ."'    
              ";
$result = mysql_query($sql,$connection) or die("Couldn't execute query.");
      return $random_str;
}
?>
ASKER CERTIFIED SOLUTION
Avatar of eeBlueShadow
eeBlueShadow

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of eeBlueShadow
eeBlueShadow

This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial